Tag: Risk Assessment

Google has expelled 20 Android apps from its Play marketplace after finding they contained code for monitoring and extracting users’ e-mail, text messages, locations, voice calls, and other sensitive data.

The apps, which made their way onto about 100 phones, exploited known vulnerabilities to “root” devices running older versions of Android. Root status allowed the apps to bypass security protections built into the mobile operating system. As a result, the apps were capable of surreptitiously accessing sensitive data stored, sent, or received by at least a dozen other apps, including Gmail, Hangouts, LinkedIn, and Messenger. The now-ejected apps also collected messages sent and received by Whatsapp, Telegram, and Viber, which all encrypt data in an attempt to make it harder for attackers to intercept messages while in transit.

Microsoft today announced a new bug bounty scheme that would see anyone finding a security flaw in Windows eligible for a payout of up to $15,000.

The company has been running bug bounty schemes, wherein security researchers are financially rewarded for discovering and reporting exploitable flaws, since 2013. Back then, it was paying up to $11,000 for bugs in Internet Explorer 11. In the years since then, Microsoft’s bounty schemes have expanded with specific programs offering rewards for those finding flaws in the Hyper-V hypervisor, Windows’ wide range of exploit mitigation systems such as DEP and ASLR, and the Edge browser.

Many of these bounty programs were time limited, covering software during its beta/development period but ending once it was released. This structure is an attempt to attract greater scrutiny before exploits are distributed to regular end-users. Last month, the

A mysterious piece of malware that gives attackers surreptitious control over webcams, keyboards, and other sensitive resources has been infecting Macs for at least five years. The infections—known to number nearly 400 and possibly much higher—remained undetected until recently and may have been active for almost a decade.

Patrick Wardle, a researcher with security firm Synack, said the malware is a variant of a malicious program that came to light in January after circulating for at least two years. Dubbed Fruitfly by some, both malware samples capture screenshots, keystrokes, webcam images, and information about each infected Mac. Both generations of Fruitfly also collect information about devices connected to the same network. After researchers from security firm Malwarebytes discovered the earlier Fruitfly variant infecting four Macs, Apple updated macOS to automatically detect the malware.

The idea of the lawsuit, which was filed in August 2016, is to use various federal laws including the Computer Fraud and Abuse Act (CFAA), the Electronic Communications Privacy Act (ECPA), and American trademark law as a way to seize command-and-control domain names used by the group, which goes by various monikers including APT28 and Strontium. Many of the domain names used by Fancy

The US Federal Communications Commission says it has no written analysis of DDoS attacks that hit the commission’s net neutrality comment system in May.

In its response to a Freedom of Information Act (FoIA) request filed by Gizmodo, the FCC said its analysis of DDoS attacks “stemmed from real time observation and feedback by Commission IT staff and did not result in written documentation.” Gizmodo had asked for a copy of any records related to the FCC analysis that concluded DDoS attacks had taken place. Because there was no “written documentation,” the FCC provided no documents in response to this portion of the Gizmodo FoIA request.

The FCC also declined to release 209 pages of records, citing several exemptions to the FoIA law. For example, publication of documents related to “staffing

A Russian man who helped create and spread the notorious Citadel malware back in 2011 was sentenced Wednesday to five years in prison by a federal judge in Atlanta.

According to the Associated Press, Mark Vartanyan will receive two years’ credit for time already served in Norway, where he had been living previously. He was extradited to the United States in December 2016 and was arraigned and pleaded guilty to hacking charges in March 2017. Vartanyan had apparently been helping prosecutors with their investigation “from the start.”

A new group at Harvard University staffed by the former campaign managers of the Hillary Clinton and Mitt Romney campaigns, along with other top security experts, have banded together to help mitigate various types of online attacks that threaten American democracy.

The initiative, dubbed “Defending Digital Democracy,” will be run by former chief of staff for the secretary of defense, Eric Rosenbach.

“Americans across the political spectrum agree that political contests should be decided by the power of ideas, not the skill of foreign hackers,” Rosenbach said in a Tuesday statement. “Cyber deterrence starts with strong cyber defense—and this project brings together key partners in politics, national security, and technology to generate innovative ideas to safeguard our key

On Wednesday, the Samba Team released new security updates to fix a vulnerability in “all versions of Samba from 4.0.0 onward using embedded Heimdal Kerberos,” according to an announcement from the United States-Computer Emergency Readiness Team (US-CERT).

Because of WannaCry, Microsoft took the rare step of issuing patches for three discontinued versions of Windows that hadn’t been updated in years. In a blog post released at the time, Microsoft believed that the ransomware worked due to a SMB protocol exploit.

If you stayed at one of 14 Trump hotel properties between July 2016 and March 2017, there’s a chance your credit card data and other personal information may have been pilfered. (We have posted the full list of new hacks here.)

According to a Tuesday statement posted on the Trump Hotels website, a booking service called Sabre notified the Trump Organization that “an unauthorized party gained access to account credentials that permitted access to payment card data and certain reservation information for some of our hotel reservations…”

Shortly after Bloomberg Businessweek published an explosive story under the headline: “Kaspersky Lab Has Been Working With Russian Intelligence,” the security firm released a lengthy statement noting that the company does not have “inappropriate ties with any government.”

The article, which was published in the early morning hours on Tuesday, says that the Moscow-based firm “has maintained a much closer working relationship with Russia’s main intelligence agency, the FSB, than it has publicly admitted. It has developed security technology at the spy agency’s behest and worked on joint projects the CEO knew would be embarrassing if made public.” Media organization McClatchy made seemingly similar claims in a July 3 report.

In the same statement, Kaspersky responded further: “It’s important to be clear:

I have a healthy level of paranoia given the territory I inhabit. When you write things about hackers and government agencies and all that, you simply have a higher level of skepticism and caution about what lands in your e-mail inbox or pops up in your Twitter direct messages. But my paranoia is also based on a rational evaluation of what I might encounter in my day-to-day: it’s based on my threat model.

In the most basic sense, threat models are a way of looking at risks in order to identify the most likely threats to your security. And the art of threat modeling today is widespread. Whether you’re a person, an organization, an application, or a network, you likely go through some kind of analytical process to evaluate risk.

The Department of Homeland Security and FBI have issued a joint report providing details of malware attacks targeting employees of companies that operate nuclear power plants in the US, including the Wolf Creek Nuclear Operating Corporation, the New York Times reports. The attacks have been taking place since May, as detailed in the report issued by federal officials last week, sent out to industry.

The “amber” alert to industry—the second highest level of severity for these types of reports from the FBI and DHS—noted that the attacks had been focused on employees’ personal computers but had not managed to jump to control systems. Administrative computers and reactor control systems in most cases are operated separately, and the control networks are generally “air-gapped”—kept disconnected from networks that attach to the Internet.

There is no evidence that information on plant operations was exposed. FBI and DHS analysts

The third-party software updater used to seed last week’s NotPetya worm that shut down computers around the world was compromised more than a month before the outbreak. This is yet another sign the attack was carefully planned and executed.

Researchers from antivirus provider Eset, in a blog post published Tuesday, said the malware was spread through a legitimate update module of M.E.Doc, a tax-accounting application that’s widely used in Ukraine. The report echoed findings reported earlier by Microsoft, Kaspersky Lab, Cisco Systems, and Bitdefender. Eset said a “stealthy and cunning backdoor” used to spread the worm probably required access the M.E.Doc source code. What’s more, Eset said the underlying backdoored ZvitPublishedObjects.dll file was first pushed to M.E.Doc users on May 15, six weeks before the NotPetya outbreak.

This article was originally published on Scott Helme’s blog and is reprinted here with his permission.

We have a little problem on the web right now and I can only see it becoming a larger concern as time goes by: more and more sites are obtaining certificates, vitally important documents needed to deploy HTTPS, but we have no way of protecting ourselves when things go wrong.

Certificates

We’re currently seeing a bit of a gold rush for certificates on the Web as more and more sites deploy HTTPS. Beyond the obvious security and privacy benefits of HTTPS, there are quite a few reasons you might want to consider moving to a secure connection that I outline in my article Still think you don’t need HTTPS?. Commonly referred to as “SSL certificates”

Update:This post was revised throughout to reflect changes F-Secure made to Thursday’s blog post. The company now says that the NotPetya component completed in February didn’t have any definitive bearing on when the NSA exploits were obtained. F-Secure Security Advisor Sean Sullivan tells Ars that the component weaves in the NSA exploits so well that it’s likely the developers had access to the NSA code. “It strongly hints at this possibility,” he said. “We feel strongly that this is the best theory to debunk.” This post is being revised to make clear the early access is currently an unproven theory.

The people behind Tuesday’s massive malware outbreak might have had access to two National Security Agency-developed exploits several weeks before they were published on the Internet, according

Tuesday’s massive outbreak of malware that shut down computers around the world has been almost universally blamed on ransomware, which by definition seeks to make money by unlocking data held hostage only if victims pay a hefty fee. Now, some researchers are drawing an even bleaker assessment—that the malware was a wiper with the objective of permanently destroying hard drives.

Initially, researchers said the malware was a new version of the Petya ransomware that first struck in early 2016. Later, researchers said it was a new, never-before-seen ransomware package that mimicked some of Petya’s behaviors. With more time to analyze the malware, researchers on Wednesday are highlighting some curious behavior for a piece of malware that was nearly perfect in almost all other respects: its code is so aggressive

The Windows 10 Fall Creators Update will include EMET-like capabilities managed through a new feature called Windows Defender Exploit Guard.

Microsoft’s EMET, the Enhanced Mitigation Experience Toolkit, was a useful tool for hardening Windows systems. It used a range of techniques—some built in to Windows, some part of EMET itself—to make exploitable security flaws harder to reliably exploit. The idea being that, even if coding bugs should occur, turning those bugs into actual security issues should be made as difficult as possible.

With Windows 10, however, EMET’s development was essentially cancelled. Although Microsoft made sure the program ran on Windows 10, the company said that EMET was superfluous on its latest operating system. Some protections formerly provided by EMET had been built into the core operating system itself, and Windows 10 offered additional protections far beyond the scope of what

The official website of Ohio Governor John Kasich and the site of Ohio First Lady Karen Kasich were defaced on June 25 by a group calling itself Team System DZ. The group is a known pro-Islamic State “hacktivist” group that has repeatedly had its social media accounts suspended for posting IS propaganda videos and other activity. Kasich’s site was but one of a number of state and local government websites that were hijacked by Team System DZ early this week, all of which had one thing in common: they were running on an outdated version of the DotNetNuke (DNN) content management platform.

DNN Platform is a popular content management system (particularly with state and local governments) based on Windows Server and the ASP.NET framework for Microsoft Internet Information Server. DNN Platform is open source and available for free—making it attractive to government agencies looking for something low cost

Microsoft sparked a curious squabble over malware discovery and infection rates. At the start of the month security firm Check Point reported on a browser hijacker and malware downloader called Fireball. The firm claimed that it had recently discovered the Chinese malware and that it had infected some 250 million systems.

Today, Microsoft said no. Redmond claimed that actually, far from being a recent discovery, it had been tracking Fireball since 2015 and that the number of infected systems was far lower (though still substantial) at perhaps 40 million.

The two companies do agree on some details. They say that the Fireball hijacker/downloader is spread through being bundled with programs that users are installing deliberately. Microsoft further adds that these installations are often media and apps of “dubious origin” such as pirated software and keygens. Check Point says that the software was developed by a Chinese

Posts navigation

SeriouslyMac is curated by Keith Teare of chat.center. The top Mac blogs are monitored. It is intended as a convenience for those who want to monitor the ever-changing Apple ecosystem - both in terms of the products, the people and the ideas underlying their activities.
For more information see http://s.erious.ly or chat with me live through chat.center at chat.center/kteare.